Mattias Bengtsson and Philip Olausson have discovered a buffer overflow
vulnerability in the function fcgi_env_add() in the file mod_fastcgi.c
when processing overly long HTTP headers.

Impact

A remote attacker could send a specially crafted request to the
vulnerable Lighttpd server, resulting in the remote execution of
arbitrary code with privileges of the user running the web server. Note
that mod_fastcgi is disabled in Gentoo's default configuration.

Workaround

Edit the file /etc/lighttpd/lighttpd.conf and comment the following
line: "include mod_fastcgi.conf"